> Well, the OP stated that he was told by the CBL guys > that is IP was listed due > to something using the remote domain as the HELO > greeting.
correct. > would do it by itself. But if the server hosts > multiple web sites, it is > possible that one of the customers abuses the server > or has written or > installed an insecure script that allows an attacker > to run code of his own > as that customer. it is a host with multiple websites, i already disabled mail() function on PHP. as suggested by one of the mailing list member to check on exim log. i do as he say but can't found any suspicious log record. does exim can log HELO session too? if yes how do i do it? Best Regards, Markus Send instant messages to your online friends http://uk.messenger.yahoo.com -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
